- Apr 24, 2016
T-Mobile has confirmed that the Lapsus$ extortion gang breached its network "several weeks ago" using stolen credentials and gained access to internal systems.
The telecommunications company added that it severed the cybercrime group's access to its network and disabled the credentials used in the hack after discovering the security breach.
Per T-Mobile, the Lapsus$ hackers didn't steal sensitive customer or government information during the incident.
"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," a T-Mobile spokesperson told BleepingComputer.
"The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value.
"Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete."
Independent investigative journalist Brian Krebs first reported the breach after reviewing leaked Telegram chat messages between Lapsus$ gang members.
While inside the mobile carrier's network, the cybercriminals were able to steal proprietary T-Mobile source code, according to Krebs.